[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Losing signing keys for custom Guix channel
From: |
Attila Lendvai |
Subject: |
Re: Losing signing keys for custom Guix channel |
Date: |
Mon, 25 Mar 2024 12:31:16 +0000 |
> from reading about guix authentication I think the new signing key
> must be first added to the .guix-authoriations file and that commit
> must signed with the current signing keys before the new signing
> key can be used.
yep. otherwise anyone with access to the origin git repo could override the
commit signature based authentication framework.
if you think about it, if there were any options for you to sidestep this
situation of a lost key, then any attacker could do the same.
i'm afraid your only option is to re-record and re-sign every commit,
force-push them, and publish a new channel intro snippet that all your users
must copy into their config.
alternatively, you *may* be able to simply publish a new channel intro snippet
(and convince all your users that it's a genuine situation) that will point to
the first new commit that is signed with the new key... but i doubt the
contract (nor the implementation) of the authentication code would just
silently accept the non-authenticated commits that precede your new channel
intro commit.
all the best in fixing the situation!
--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“’Tis better it be a year later before he can read, than that he should this
way get an aversion to learning.”
— John Locke (1632–1704), 'Some Thoughts Concerning Education'